<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
<TITLE>
Break Points
</TITLE>
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>Break Points</H1>
<p>A break point allows you to intercept a request from your browser and to change it before
is is submitted to the web application you are testing.<br/> 
You can also change the responses received from the application<br/>
The request or response will be displayed in the <a href="../../ui/tabs/break.html">Break tab</a>
which allows you to change disabled or hidden fields, and will allow you to bypass 
client side validation (often enforced using javascript).<br/>
It is an essential penetration testing technique. 
</p>
<p>
You can set a 'global' break point on requests and/or responses using the buttons on the
<a href="../../ui/tltoolbar.html">top level toolbar</a>.<br/>
All requests and/or responses will then be intercepted by ZAP allowing you to change anything before
allowing the request or response to continue. 
</p>
<p>
You can also set break points on specific criteria using the "Break..." right click menu on the
<a href="../../ui/tabs/sites.html">Sites</a> and <a href="../../ui/tabs/history.html">History tabs</a>
and the 'Add a custom HTTP break point' button on the <a href="../../ui/tltoolbar.html">top level toolbar</a>.<br/>
Only requests and responses which match those criteria will be intercepted by ZAP.<br/>
Custom break points are shown in the <a href="../../ui/tabs/breakpoints.html">Break Points tab</a> 
</p>
<p>
Break point option are configured using the 
<a href="../../ui/dialogs/options/breakpoints.html">Options Break Points screen</a>.<br>
</p>

<H2>See also</H2>
<table>
<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td>
<a href="../../ui/overview.html">UI Overview</a></td><td>for an overview of the user interface</td></tr>
<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;</td><td>
<a href="concepts.html">Features</a></td><td>provided by the UI</td></tr>
</table>

</BODY>
</HTML>
